Wipe Disks

From David's Wiki
Revision as of 02:15, 22 January 2023 by David (talk | contribs) (→‎HDDs - Using shred)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
\( \newcommand{\P}[]{\unicode{xB6}} \newcommand{\AA}[]{\unicode{x212B}} \newcommand{\empty}[]{\emptyset} \newcommand{\O}[]{\emptyset} \newcommand{\Alpha}[]{Α} \newcommand{\Beta}[]{Β} \newcommand{\Epsilon}[]{Ε} \newcommand{\Iota}[]{Ι} \newcommand{\Kappa}[]{Κ} \newcommand{\Rho}[]{Ρ} \newcommand{\Tau}[]{Τ} \newcommand{\Zeta}[]{Ζ} \newcommand{\Mu}[]{\unicode{x039C}} \newcommand{\Chi}[]{Χ} \newcommand{\Eta}[]{\unicode{x0397}} \newcommand{\Nu}[]{\unicode{x039D}} \newcommand{\Omicron}[]{\unicode{x039F}} \DeclareMathOperator{\sgn}{sgn} \def\oiint{\mathop{\vcenter{\mathchoice{\huge\unicode{x222F}\,}{\unicode{x222F}}{\unicode{x222F}}{\unicode{x222F}}}\,}\nolimits} \def\oiiint{\mathop{\vcenter{\mathchoice{\huge\unicode{x2230}\,}{\unicode{x2230}}{\unicode{x2230}}{\unicode{x2230}}}\,}\nolimits} \)

For HDDs, you need to overwrite everything.
For SSDs, the BIOS can typically invoke a secure erase.

HDDs - Using shred

DEVICE=/dev/sdb
shred -v -n1 $DEVICE

SATA SSD Secure Erase

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Generally you do not want to write a bunch of zeros or random data to SSDs which would create significant wear. For performance reasons, SSDs typically encrypt data internally. A secure erase on an SSD will just generate a new internal encryption key, taking only a few minutes and avoiding unnecessary wear.

DEVICE=/dev/sdb

# Check if device is frozen
# On Ubuntu live, you may need to sleep and wake the system
sudo hdparm -I $DEVICE

# Set a password to Eins
sudo hdparm --user-master u --security-set-pass Eins $DEVICE
# Check that the master password is enabled
sudo hdparm -I /dev/sda

# Run secure erase (wipes internal encryption key)
sudo hdparm --user-master u --security-erase Eins $DEVICE
# Or for secure erase enhanced (takes longer, wipes multiple times)
sudo hdparm --user-master u --security-erase-enhanced Eins $DEVICE

# After a few minutes, check that the master password is disabled
sudo hdparm -I /dev/sda

NVME - Secure Erase

reference